KevinMidboe/kazan
1
0
Fork 0
mirror of https://github.com/KevinMidboe/kazan.git synced 2025-10-29 09:40:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
da79a65cbb4586bfad5c02045bbc613f8998bfb6
kazan/ingress-traefik/values.yml

91 lines
2.1 KiB
YAML
Raw Blame History

additionalArguments:
# Configure your CertificateResolver here...
#
# DNS Challenge
# ---
# Cloudflare Example:
- --certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare
- --certificatesresolvers.cloudflare.acme.email=kevin.midboe+kazan-cf@gmail.com
- --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=1.1.1.1
- --certificatesresolvers.cloudflare.acme.storage=/ssl-certs/acme-cloudflare.json
logs:
# Configure log settings here...
general:
level: ERROR
ports:
# Configure your entrypoints here...
web:
# address: :80
# http:
# (optional) Permanent Redirect to HTTPS
redirectTo:
port: websecure
websecure:
tls:
enabled: true
# (optional) Set a Default CertResolver
certResolver: cloudflare
env:
# Set your environment variables here...
#
# DNS Challenge Credentials
# ---
# Cloudflare Example:
- name: CF_API_EMAIL
valueFrom:
secretKeyRef:
key: email
name: cloudflare-credentials
- name: CF_API_KEY
valueFrom:
secretKeyRef:
key: apiKey
name: cloudflare-credentials
# Disable Dashboard
ingressRoute:
dashboard:
enabled: false
# Persistent Storage
persistence:
enabled: true
name: ssl-certs
accessMode: ReadWriteOnce
size: 1Gi
storageClass: nfs-csi
path: /ssl-certs
deployment:
initContainers:
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/containous/traefik/issues/6972
- name: volume-permissions
image: busybox:1.31.1
command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"]
volumeMounts:
- name: ssl-certs
mountPath: /ssl-certs
# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
ingressClass:
enabled: true
isDefaultClass: true
# Set the container security context
# To run the container with ports below 1024 this will need to be adjust to run as root
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: false
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
podSecurityContext:
fsGroup: 65532
Reference in New Issue View Git Blame Copy Permalink